QR Steganography - A Threat to New Generation Electronic Voting Systems

Jordi Cucurull, Sandra Guasch, Alex Escala, Guillermo Navarro-Arribas, Víctor Acín

Abstract

Quick Response (QR) codes, used to store machine readable information, have become very common nowadays and have found many applications in different scenarios. One of such applications is electronic voting systems. Indeed, some electronic voting systems are starting to take advantage of these codes, e.g. to hold the ballots used to vote, or even as a proof of the voting process. Nevertheless, QR codes are susceptible to steganographic techniques to hide information. This steganographic capability enables a covert channel that in electronic voting systems can suppose an important threat. A misbehaving equipment (e.g. infected with malware) can introduce hidden information in the QR code with the aim of breaking voters’ privacy or enabling coercion and vote-selling. This paper shows a method for hiding data inside QR codes and an implementation of a QR writer/reader application with steganographic capabilities. The paper analyses different possible attacks to electronic voting systems that leverage the steganographic properties of the QR codes. Finally, it proposes some solutions to detect the mentioned attacks.

References

  1. (2014). Wombat Voting System. voting.com.
  2. Chaum, D. L. (1981). Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM, 24(2):84-90.
  3. Chen, W.-Y. and Wang, J.-W. (2009). Nested image steganography scheme using QR-barcode technique. Optical Engineering, 48(5).
  4. Chung, C.-H., Chen, W.-Y., and Tu, C.-M. (2009). Image hidden technique using QR-Barcode. In Fifth International Conference on Intelligent Information Hiding and Multimedia Signal Processing, 2009. IIH-MSP 7809, pages 522-525.
  5. Dey, S., Mondal, K., Nath, J., and Nath, A. (2012). Advanced steganography algorithm using randomized intermediate QR host embedded with any encrypted http://www.wombat(2014).
  6. Farhi, N. (2013). An implementation of dual (paper and cryptograhic) voting system. Master thesis, Tel Aviv University.
  7. Fujioka, A., Okamoto, T., and Ohta, K. (1993). A practical secret voting scheme for large scale elections. In Seberry, J. and Zheng, Y., editors, Advances in Cryptology AUSCRYPT 7892, volume 718 of Lecture Notes in Computer Science, pages 244-251. Springer Berlin Heidelberg.
  8. Gharadaghy, R. and Volkamer, M. (2010). Verifiability in electronic voting - explanations for non security experts. In Krimmer, R. and Grimm, R., editors, Electronic Voting, volume 167 of LNI, pages 151-162. GI.
  9. Huang, H.-C., Chang, F.-C., and Fang, W.-C. (2011). Reversible data hiding with histogram-based difference expansion for QR code applications. IEEE Transactions on Consumer Electronics, 57(2):779-787.
  10. ISO/IEC (2006). ISO/IEC 18004:2006. information technology - automatic identification and data capture techniques - qr code 2005 bar code symbology specification.
  11. Lin, P.-Y., Chen, Y.-H., Lu, E., and Chen, P.-J. (2013). Secret hiding mechanism using QR barcode. In 2013 International Conference on Signal-Image Technology Internet-Based Systems (SITIS), pages 22-25.
  12. Maaten, E. and Hall, T. (2008). Improving the transparency of remote e-voting: The estonian experience. In Krimmer, R. and Grimm, R., editors, 3rd international Conference on Electronic Voting 2008, volume 131 of LNI GI, pages 31-43. Gesellschaft fr Informatik (GI).
  13. Reed, I. S. and Solomon, G. (1960). Polynomial codes over certain finite fields. Journal of the Society for Industrial & Applied Mathematics, 8(2):300-304.
  14. Sako, K. and Kilian, J. (1995). Receipt-free mix-type voting scheme. In Guillou, L. and Quisquater, J.-J., editors, Advances in Cryptology EUROCRYPT 95, volume 921 of Lecture Notes in Computer Science, pages 393-403. Springer Berlin Heidelberg.
  15. Vegas, C. (2012). The new belgian e-voting system. In Kripp, M., Volkamer, M., and Grimm, R., editors, 5th International Conference on Electronic Voting 2012 (EVOTE2012), volume P-205 of LNI GI, pages 200- 213. Gesellschaft fr Informatik (GI).
  16. Volkamer, M., Budurushi, J., and Demirel, D. (2011). Vote casting device with VV-SV-PAT for elections with complicated ballot papers. In Requirements Engineering for Electronic Voting Systems (REVOTE), 2011 International Workshop on, pages 1-8.
  17. von Bergen, P. (2012). Swissivi: Proof-of-concept for a novel e-voting platform.
  18. ZXing (2014). Zxing (Zebra Crossing Barcode Scanner Library). https://github.com/zxing/zxing.
Download


Paper Citation


in Harvard Style

Cucurull J., Guasch S., Escala A., Navarro-Arribas G. and Acín V. (2014). QR Steganography - A Threat to New Generation Electronic Voting Systems . In Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014) ISBN 978-989-758-045-1, pages 484-491. DOI: 10.5220/0005120404840491


in Bibtex Style

@conference{secrypt14,
author={Jordi Cucurull and Sandra Guasch and Alex Escala and Guillermo Navarro-Arribas and Víctor Acín},
title={QR Steganography - A Threat to New Generation Electronic Voting Systems},
booktitle={Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014)},
year={2014},
pages={484-491},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005120404840491},
isbn={978-989-758-045-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014)
TI - QR Steganography - A Threat to New Generation Electronic Voting Systems
SN - 978-989-758-045-1
AU - Cucurull J.
AU - Guasch S.
AU - Escala A.
AU - Navarro-Arribas G.
AU - Acín V.
PY - 2014
SP - 484
EP - 491
DO - 10.5220/0005120404840491